All Posts

Cyber attacks by criminals or human error – which is the greatest threat?

18th May 2018

A cyber attack sounds more ‘glamourous’ as an explanation for downtime than simple ‘human error’, which is why probably most assume that when there’s an outage that there’s a band of nasty cyber thieves hacking into the system. But, more often than not, it’s the unglamorous fat finger mistake that is the main reason behind the outage. Yes, good old fashion human error is to blame for most of the breaches.

There are lots of reports citing human error as the reason for breaches in security. Back in 2013, IBM said that a staggering 95% of security incidents involved human error. Fast forward 2018, IBM’s X-Force Threat to Intelligence Index reveals that with mobility and bring-your-own-device (BYOD) trends being the norm in today’s working world, everyone can now be classified as an insider threat.

IBM’s report revealed that in 2017, there were several high-profile breaches that were eventually attributed to the errors of ‘inadvertent insiders’. It said that the most common reasons why insiders exposed business data was due to ‘basic misjudgment’, such as storing intellectual property on insecure personal devices and systems and falling for phishing emails.

IBM revealed that misconfigured cloud servers, networked backup incidents and other improperly configured systems were responsible for more than two billion records or nearly 70% of the total number of records tracked by X-Force last year. What’s more, cloud-related cyber attacks increased by 424%, largely because of human error. Sadly, this type of problem is bound to continue as a result of many businesses transitioning from traditional computer systems to public clouds.

Worryingly, these mistakes in turn expose companies to attack from cyber criminals with the affected company’s finances taking a heavy blow – back in January this year Lloyd’s of London issued a report with risk modeler AIR Worldwide which said that the temporary shutdown of just one cloud computing provider could result in billions of dollars lost (between $5.3 and $19 billion if a major cloud computing provider were to go down).

If you’re thinking ‘this can’t happen to me’, then you’re leaving your business in a vulnerable position because financial services firms are certainly not immune to attacks. In fact, according to IBM’s X-Force data the financial services sector has been the most attacked industry two years in a row. The latest report says that financial services companies experienced 27% of security incidents and 17% attacks.

If you’re a small business you’re also in danger of being attacked. Lloyd’s report explained that smaller companies are more likely to use clouds than bigger ones and also typically don’t have cyber insurance in place.

The good news is that there are plenty of things you can do to ensure that you’re not a victim of cyber crime or negligence and error from employees. Educating your staff about these risks is an absolute must and getting cyber insurance is also vital. But more importantly it’s essential to partner with a software provider that has a good track record and will help to protect your data. At SchemeServe we can proudly confirm that, according to our records, we are 99.99% free of downtime.

Human error will always exist because we are not infallible. But when it comes to outsourcing and picking your technology partners – their records should speak for themselves. Make sure you partner with the right providers because your customer’s data is precious and so is the reputation that you’ve built up over the years. The last thing you want is for your reputation to lie in ruins because of one breach that could’ve been avoided.